
It doesn't matter who you are ... it matters what your APN is!

This article focuses on a little trick that a virtual mobile operator can resort to in order to deceive its subscribers while providing packet data services. Our focus will be on the process of selecting and using the Access Point Name [APN].
As we remember from the article "GPRS from the inside. Part 2", the APN is used during the PDP Context activation procedure and is intended to determine the service requested by the subscriber.



The services provided by the resources of the mobile operator's packet network can be:

Let us consider in more detail the mechanisms for choosing and using the APN (Access Point Name) in a GPRS session. Let's start with the limitations. The APN should NOT:

* - This restriction applies to the so-called Network ID (see below)
** - only alphanumeric characters are used: 'A ... Z', 'a ... z', '0 ... 9', as well as the characters '.' and '-'
An APN must also begin with an alphanumeric character and is not case sensitive on the SGSN side.

Functionally, the APN is designed to determine the IP address of the GGSN, which will provide the service requested by the subscriber when the PDP context is activated.
An APN consists of two parts: a Network Identifier (mandatory part) and an Operator Identifier (optional part).


The operator ID can be added to the APN in various ways:

The full APN name (including the operator ID) is used to resolve the IP address of the GGSN that will serve the specified APN. On the operator's local DNS, the APN is "deciphered" from right to left, i.e. first the service area of the gprs domain is determined, then the service area of the mcc255 domain, and so on.

Before activating the PDP Context, the SGSN receives the user profile from the HLR. In the user profile, the APN parameter may list the APNs the subscriber is allowed to use, or contain the "*" sign, which allows the use of any APN existing in the operator's network. If the profile contains a list of several allowed APNs, the first APN in the list has a higher priority than the others (see the examples).

For each PLMN, be it the Home PLMN or a Visitor PLMN, most vendors allow a so-called Default APN Operator Identifier [DEFAPN] to be configured on the SGSN. It is automatically substituted as the Network Identifier, i.e. it actually replaces the APN requested by the subscriber, but only if the subscriber made a mistake when writing the APN or specified an APN that does not exist in the operator's network. The main idea of the DEFAPN parameter is to reduce the number of unsuccessful PDP Context activation attempts when subscribers make a mistake, i.e. specify a wrong APN in the connection settings. Using the DEFAPN parameter is optional and does not affect the overall functionality, i.e. the operator may choose not to purchase licenses for this functionality. In addition to the DEFAPN setting, the SGSN usually has a mandatory setting that permits overriding the requested APN [Override of the requested APN], as well as a separate override setting for roaming subscribers [Override of roaming APN].

But what prevents the operator from using additional functionality for their own benefit ... :)

The scenario is almost the same for roaming subscribers and for subscribers in their home network. The only difference is that the replacement parameters for the requested APN must be specified for the PLMN the user belongs to (i.e. either HPLMN or VPLMN), so everything below applies equally to subscribers in a roaming network (VPLMN) and in the home network (HPLMN).
  1. Smart subscriber
    Given: the subscriber specified in the phone settings an existing APN (for example, opsos.com.ua) that he is allowed to access. His profile on the HLR contains a list of allowed APNs (for example, in this order: internet, opsos.com.ua, mms.opsos.com.ua).
    • DEFAPN Activated, Override of Requested APN Permitted
      Subscriber is in the home network:
      The SGSN will add the GOI specified for the HPLMN to the requested APN (for our virtual operator it is mnc009.mcc255.gprs), and the full APN name, opsos.com.ua.mnc009.mcc255.gprs, will be resolved to the IP address of the GGSN that will serve the GPRS session. The PDP Context will be successfully activated with the APN the subscriber specified (in our case opsos.com.ua), and the packet data tariffs will be those of the opsos.com.ua access point.
      Subscriber is in the guest network:
      In the guest network, the SGSN will add the home network's GOI to the specified APN name based on the information from the IMSI, send a request to the DNS server and get the IP address of the GGSN in the subscriber's home network, then redirect the PDP Context to the subscriber's home network, i.e. while roaming, subscribers use the roaming SGSN, but all traffic passes through their home GGSN. The packet data tariffs will be the subscriber's roaming tariffs for the opsos.com.ua access point.
    • DEFAPN NOT Activated, Override of Requested APN NOT Permitted
      The further course of events is almost the same for roaming subscribers and for subscribers in their home network (HPLMN), so we will not consider two scenarios but only point out the main differences.
      In this scenario nothing changes: the subscriber will be able to activate the PDP Context with the APN opsos.com.ua, and the packet data tariffs will be those of the opsos.com.ua access point.

  2. Typical subscriber
    Given: the subscriber specified an existing APN in the settings, for example internet (or any other APN existing in the operator's network), while the APN parameter of the subscriber's profile on the HLR is set to "*".
    • DEFAPN Activated, Override of Requested APN Permitted
      The subscriber will be able to activate the PDP Context with the APN he specified (internet), and the packet data tariffs will be those of the internet access point, since the DEFAPN parameter does not take part in the activation of the subscriber's context.
    • DEFAPN NOT Activated, Override of Requested APN NOT Permitted
      The subscriber will be able to activate the PDP Context with the APN he specified (internet), and the packet data tariffs will be those of the internet access point.
  3. Almost smart subscriber
    Given: the subscriber specified in the phone settings an APN that does NOT exist (for example, mega.fast.internet), or an existing APN that is not present in the list of allowed APNs in the subscriber profile from the HLR. His profile on the HLR contains a list of allowed APNs (for example, in this order: internet, opsos.com.ua, mms.opsos.com.ua).

    • DEFAPN Activated, Override of Requested APN Permitted
      In this case, since the SGSN receives the subscriber profile from the HLR, the first APN in the list will be determined and the PDP Context will be activated with this first APN.
      There is a small nuance here: since the subscriber has no way to influence changes to his profile, there is a chance that the first APN in the list turns out to be an APN whose usage rates are far from small.

    • DEFAPN NOT Activated, Override of Requested APN NOT Permitted
      In this case, the user will receive a Reject of the PDP Context activation and will not be able to use the requested service until he specifies one of the APNs listed in his profile on the HLR.

  4. "Gifted" subscriber + a little trick (read: LOYALTY) by the operator
    Given: the subscriber is hearing the word APN for the first time (or specified a non-existent APN / made a mistake when entering an existing APN), and the APN parameter of his profile on the HLR is set to "*".

    • DEFAPN Activated, Override of Requested APN Permitted
      Suppose that in the SGSN settings for the PLMN to which the subscriber belongs, DEFAPN is set to expensive.net, which has the "cheapest" tariff for packet data (that is, packet data transmission under the APN expensive.net is the most expensive tariff in the operator's network). In this case, if the subscriber specified an incorrect APN, the requested APN will be replaced with the one specified in DEFAPN, i.e. expensive.net.
      Another "nuance" appears here: if the subscriber connects to the network under these conditions, he will pay for the services at the very "ceiling", i.e. at the expensive.net rate.

    • DEFAPN NOT Activated, Override of Requested APN NOT Permitted
      In this scenario, the subscriber will receive a Reject of the PDP Context activation and will not be able to use the packet data services.


Actually, with the help of such small tricks our virtual mobile operator can deceive its subscribers.
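
The four scenarios above as a small decision function, added here as an illustration (it is not code from the article or from any SGSN vendor). The function and parameter names are hypothetical, and the two SGSN settings are modelled as one switch because the article only describes them both on or both off.

```python
# Added illustration, not the article's code. Names are hypothetical; APN
# values are the article's examples, "intrenet" is a constructed typo.
EXISTING = {"internet", "opsos.com.ua", "mms.opsos.com.ua", "expensive.net"}

def full_apn(network_id, mcc, mnc):
    """Append the operator ID (mnc<MNC>.mcc<MCC>.gprs) to the Network ID."""
    return f"{network_id.lower()}.mnc{mnc:03d}.mcc{mcc:03d}.gprs"

def select_apn(requested, hlr_apns, defapn=None):
    """Return (outcome, apn) for a PDP Context activation request.

    hlr_apns: non-empty list of allowed APNs from the HLR profile in
              priority order, or ["*"].
    defapn:   None models "DEFAPN not activated, override not permitted";
              a value models "DEFAPN activated, override permitted".
    """
    req = requested.lower()            # APN is not case sensitive on the SGSN
    wildcard = hlr_apns == ["*"]
    allowed = [a.lower() for a in hlr_apns]
    if req in EXISTING and (wildcard or req in allowed):
        return ("ACTIVATE", req)       # scenarios 1 and 2: request is honoured
    if defapn is None:
        return ("REJECT", None)        # scenarios 3 and 4, no override
    if wildcard:
        return ("ACTIVATE", defapn.lower())  # scenario 4: DEFAPN substituted
    return ("ACTIVATE", allowed[0])    # scenario 3: first APN in the profile

def audit(requested, hlr_apns, defapn=None):
    """Flag activations where the served APN differs from the requested one."""
    outcome, apn = select_apn(requested, hlr_apns, defapn)
    substituted = outcome == "ACTIVATE" and apn != requested.lower()
    return {"outcome": outcome, "apn": apn, "substituted": substituted}

if __name__ == "__main__":
    profile = ["internet", "opsos.com.ua", "mms.opsos.com.ua"]
    cases = [("opsos.com.ua", profile, "expensive.net"),        # scenario 1
             ("Internet", ["*"], "expensive.net"),              # scenario 2
             ("mega.fast.internet", profile, "expensive.net"),  # scenario 3
             ("mega.fast.internet", profile, None),
             ("intrenet", ["*"], "expensive.net"),              # scenario 4
             ("intrenet", ["*"], None)]
    for req, prof, d in cases:
        print(f"{req!r} profile={prof} defapn={d} -> {audit(req, prof, d)}")
    print(full_apn("opsos.com.ua", 255, 9))
```

The `substituted` flag marks exactly the cases the article warns about: the context is activated, but billing follows an APN the subscriber never asked for.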

Conclusion: always monitor the settings and parameters that are transmitted in any communication, including when using GPRS / EDGE services in mobile operators' networks, because complaints about data services and large mobile bills pop up online very often, and getting a sane response from the operator is sometimes very, very difficult.

P.S.: while writing this article, not a single cellular subscriber was harmed, since in our country all operators are "honest" and fluffy :-)

A small glossary:

APN - Access Point Name
GGSN - Gateway GPRS Support Node
GOI - GGSN Operator Identifier
GPRS - General Packet Radio Service
HLR - Home Location Register
HPLMN - Home PLMN
IMSI - International Mobile Subscriber Identity
LAC - Location Area Code
MCC - Mobile Country Code
MNC - Mobile Network Code
PDN - Packet Data Networks
PDP - Packet Data Protocol
PLMN - Public Land Mobile Network
RAC - Routing Area Code
RNC - Radio Network Controller
SGSN - Serving GPRS Support Node
VPLMN - Visitor PLMN


Source: https://habr.com/ru/post/79505/

